End-host address assignment options for IPv6 networks

Overview of the different ways IPv6 end-host address assignment can be configured.

Address Types and Scope

First, we need a quick understanding of the different address types in IPv6 which are referred to as "scope".
  • Global scope addresses are the ones we most used to, the regular globally reachable address and often registered in DNS. For UW-Madison, our global prefix is 2607:f388::/32.

  • Link-Local scope is used within a particular subnet only and are not routable at all. They start with the IPv6 prefix fe80::/64. In IPv4, these are most similar to 169.254.x.x addresses hosts use if they do not have global addresses, however in IPv6 they are always configured.

  • Loopback is the how a host can refer to itself, similar to 127.0.0.1 in IPv4. The IPv6 address is ::1/128 and is also called Host Scope.

  • Multicast can be used both with link-local, site-local, and global scope. This is how, for example, nodes on a given lan can find each other. Multicast addresses are in the range ff00::/8. More on IPv6 Multicast addresses.

  • Broadcast is not used in IPv6 in favor of Multicast.

  • Site-Local scope is specific to an enterprise. However as an addressing range, it has been deprecated since 2004. Documentation that referrers to it or the range fec0::/10 is out of date.

  • Uniform Local Addressing to some degree replaces site-local. ULA is similar to RFC 1918 address in IPv4, but with some differences. ULA is relatively new, and there still is an amount of churn in the standards bodies about how the addresses should be used. UW Network Services discourages the use ULA at this time.

    Now, we can discuss how hosts can be assigned Global scope addresses.

Stateless Autoconfiguration

This is one of the most common mechanisms used for IPv6 address assignment. A host listens (or solicits) for messages from the router about what network prefix the host is on. The host then takes the network prefix, and appends its mac address in a modified form (by inserting FF:FE in the middle, and setting the 7th bit to a 1) and uses that as the global scope address. This is typically the default on Unixes (OS X, Linux, BSD, Solaris, etc).

Example:

Prefix announced by router: 2607:f388:f:100::/64
Host mac address: 00:0C:29:4A:7C:B0
Autoconfigured address: 2607:f388:f:100:20c:29ff:fe4a:7cb0/64

Stateless Autoconfiguration w/ Privacy Extensions

One of the issues with the above method is that mac addresses are typically unique globally. If a host moved between subnets (or from UW to a user's home) the network prefix portion of the address would be different, but the lower 64 bits of the address would remain the same. This global uniqueness is then a privacy concern because a machine would potentially be recognizable regardless of where it connected to the internet.

To combat this, a host can still take the network prefix announced by the router, but then generate a random identifier to use for the host portions of the address. To take things further, the host can change the lower bits periodically to help stay anonymous.

This is the default behavior on some Microsoft platforms, and particularly annoying in enterprise environments. However, it can be disabled using the registry or netsh commands:

netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

Static Configuration

Perhaps the most obvious mechanism for giving a host a global scope address is to assign one and statically configure on the host. However, some hosts may still also automatically configure dynamic addresses unless configured not to. This is particularly annoying for servers or for where firewalling is used. Example: IPv6 static address configuration for linux hosts. Also, see the note near the bottom of this page on disabling autoconfiguration.

Stateless Autoconfiguration w/ stateless DHCPv6

After using one of the above mechanisms for address assignment, the typical next step is to configure DNS servers for the host to use. This can be done via a lightweight DHCPv6 server who's only job is to hand out options, but not keep track of address assignments. This can be used with Microsoft operating systems newer than XP. The routers on the network must be configured to announce to clients that stateless DHCP service is available. Stateless DHCPv6 clients are not included as part of OS X.

Stateless Autoconfiguration w/ DNS Advertisement (RFC 5006)

A new way to assign DNS servers in IPv6 is to have the routers announce them out to the network along with the prefix. UW's routers currently can not send this option, and client support for RFC 5006 nearly non-existent.

Stateful DHCPv6

Networks can be configured to only use DHCP for addressing and options. This is very similar to how DHCP is typically used on IPv4 networks. Some differences are that the network's routers must be configured to tell the clients to use statefull DHCP, and support for identifying a host based on its mac addresses across a relay may be problematic (match on the DUID instead). Stateful DHCPv6 clients are not included as part of OS X.

If you use stateful DHCPv6 for all hosts on a lan, it is possible to turn off autoconfiguration. See the note near the bottom of this page.

Note on using IPv4 DNS servers on dual-stack hosts

It should be pointed out that since most (nearly all) hosts on the UW network will have both IPv4 connectivity as well as IPv6, DNS is no different from any other network application and you can certainly use IPv4 DNS servers and not worry about configuring your hosts to use DNS over IPv6. However, you will want to make sure that your DNS servers are usable over IPv6.

Note on disabling autoconfiguration

Our routers have the capability to not announce the IPv6 configuration out to the network. This prevents hosts from autoconfiguring themselves, and is useful for server environments or applications where you want hosts to be 100% staticly configured or configured solely by stateful DHCPv6. This also can be useful if you have many ipv6 capable hosts (nearly every modern host) but want to keep them disabled while you manually enable them one at a time.



Keywords:ipv6 dhcp dhcpv6 auto configuration autoconfiguration scope   Doc ID:14401
Owner:Dale C.Group:Network Services
Created:2010-06-06 19:00 CDTUpdated:2010-08-18 19:00 CDT
Sites:Network Services, Systems Engineering
Feedback:  20   5